Sign in to follow 's advice will appear in your account when you log in. Follow specific Community Members and never miss out on their views and insights. Build a group of Members who you want to listen to.

Email: Password:

Don't have SiliconIndia account? Sign up Forgot your password? Reset

Ask Rishi Narang for Advice

If your advice request is relevant to other Community members, our Editorial team may choose to send this request to all Experts to attract a wider range of answers and share them with the Community. Rest Assured, we will protect your privacy (unless you recommend otherwise).

Advice Request

Submit Cancel

Rishi Narang

Next Member >>

Rishi Narang

Senior Consultant

Aujas Networks

My brief description

I am wearing many hats when it comes to profession in information security. I am currently working as Senior Consultant for Aujas Networks Pvt. Ltd. I also author professional articles for international magazine(s). Post education, I have more than 7 years of experience. My daily fire fighting activities include security assessments and VA/PT activities on networks, web and mobile applications. I manage a team of 4 people, and kudos to my amazing team/colleagues, I enjoy working with them.

Challenges in Job

Information Security as a domain is very challenging in all respects. We live in a binary world - it's either safe, or its not. Anything left behind, or overlooked has a probability of being exploited by the 'evil' hackers. I feel every other day, every other application throws a challenge. Discover all the bugs or you will lose the cyber war against 'bad' hackers, or attackers. So, I have to be up-to date on different attack vectors, and all the possible security holes that a 'bad' guy can find. I have to make sure of the low hanging fruits as well as the high reaching leaflets.It surely helps in paving my future in this vertical. Every day is a deadline delivery, yet every day I learn something new about security, application or the intended deliverable. Its a learning curve, and will continue to be due to its very dynamic nature.

Thing that makes job easier

My curiosity and appetite to learn. Information security is a stream that can't be delivered to its full potential by learning 'only' from books. One needs to be curious, attentive, and think 'out of box'. You have to balance your creativity, and seldom even step into an attacker's shoes. No battle can be won, if you don't know your opponent style of fight. My appreciation is also to my team, and colleagues that I interact in different projects. They have been very supportive and surely understand the need to ask questions. Their questions often make me deep dive in the untouched concepts of information security. Thus, better understanding of basics lead a strong foundation of different frontiers in security.

Upcoming Trends

Over the coming years, its more wireless and more mobile. Computing is now in your hands, and is shifting fast from your lap. Tablets and mobile computing devices are getting very common. Cloud computing already is getting an acceptance, but now there would be a fusion of computing in the cloud, and clients in your hands.

My point of view

The problem is we do not channelize our resources. We have a temperament to be money driven. But, I believe its changing slowly. I appreciate people who volunteer towards open source products. We have some Indians who have changed the way we operate computing devices, but to give them a platform for research we need good infrastructure and freedom to feel it as their creative playground, yet giving them perks to encourage. This kind of attitude is not common with Indian firms. Indian firms believe in ROI for every resource at the earliest. Even if a resource is hired for research, we expect quick delivery with deadlines hanging on his head. Indian firms should build platforms for research, and leverage creativity in building in house software and hardware without comparing it. Comparison and competition often kills creativity!

Goals and ambitions

Next 5 years, I would like to deliver my best to the information security community. I have learnt a lot from the community, and now its the best time to return what I have experienced and share my ideas & research with the community. Professionally, I also want to be an entrepreneur and evangelize something unique in information security.

Advice from my side

Never run behind certifications. Certifications are to prove that you know your 'stuff' but never to learn. First, clear your information security concepts, and understand what you do, how you do and why are you doing. Understand the basics of internet, security and information flowing in and out. Once you are confident in your art of hacking and security, then you 'may' target some certifications.

Advise to young college students

Go for your dreams! Information Security is not a simple job of hacking passwords, and you are done. It way beyond that that. There is enterprise security with complexity of computing devices, network perimeters, and host based controls. Look what you want, and don't be carried away by the terms like 'hacker', security professional, etc. Its rightly said - with great power, comes greater responsibility. Understand what you are dealing with, before just dive in without the appropriate gears, and then struggling with the high tides of industry expectations. Be curious, be hungry, be foolish and strive to learn.